yubihsm-go/README.md

# yubihsm-go
Yubihsm-go is a minimal implementation of the securechannel and connector protocol of the YubiHSM2.

It also implements a simple SessionManager which keeps connections alive and swaps them if the maximum number of
messages is depleted.

Currently the following commands are implemented:

 * DeviceInfo
 * Reset
 * GenerateAsymmetricKey
 * SignDataEddsa
 * SignDataPkcs1
 * PutAsymmetricKey
 * GetPubKey
 * DeriveEcdh
 * Echo
 * ChangeAuthenticationKey
 * PutAuthenticationKey
 * GetOpaque
 * PutOpaque
 * SignAttestationCertificate
 * Authentication & Session related commands
 * GetPseudoRandom

Implementing new commands is really easy. Please consult `commands/constructors.go` and `commands/response.go` for reference.

Please submit a PR if you have implemented new commands or extended existing constructors.

## Example of usage

```go
c := connector.NewHTTPConnector("localhost:1234")
sm, err := yubihsm.NewSessionManager(c, 1, "password", 2)
if err != nil {
	panic(err)
}

echoMessage := []byte("test")

command, err := commands.CreateEchoCommand(echoMessage)
if err != nil {
	panic(err)
}

resp, err := sm.SendEncryptedCommand(command)
if err != nil {
	panic(err)
}

parsedResp, matched := resp.(*commands.EchoResponse)
if !matched {
	panic("invalid response type")
}

if bytes.Equal(parsedResp.Data, echoMessage) {
	println("successfully echoed data")
} else {
	panic(errors.New("echoed message did not equal requested message"))
}

```
Prepare for GitHub publication 2018-10-01 05:48:56 -07:00			`# yubihsm-go`
			`Yubihsm-go is a minimal implementation of the securechannel and connector protocol of the YubiHSM2.`

Refactor SessionManager 2018-10-24 02:27:50 -07:00			`It also implements a simple SessionManager which keeps connections alive and swaps them if the maximum number of`
			`messages is depleted.`
Prepare for GitHub publication 2018-10-01 05:48:56 -07:00
			`Currently the following commands are implemented:`

add support for complete response 2022-07-12 08:49:49 -07:00			`* DeviceInfo`
Prepare for GitHub publication 2018-10-01 05:48:56 -07:00			`* Reset`
			`* GenerateAsymmetricKey`
			`* SignDataEddsa`
Merge conflicts 2021-04-07 15:05:46 -07:00			`* SignDataPkcs1`
Prepare for GitHub publication 2018-10-01 05:48:56 -07:00			`* PutAsymmetricKey`
			`* GetPubKey`
Implement DeriveEcdh command Add the implementation fo the DeriveEcdh command alongside a command name that matches what Yubi calls it. Left the previously named one alone so this doesn't break backwards compatibility if anyone was using that. Docs: https://developers.yubico.com/YubiHSM2/Commands/Derive_Ecdh.html 2019-08-27 14:08:25 -07:00			`* DeriveEcdh`
Prepare for GitHub publication 2018-10-01 05:48:56 -07:00			`* Echo`
Add ChangeAuthenticationKey command Introduce the command which is used to change the password to authenticate to the HSM. A small refactoring of extracting authkey out was necessary to prevent an import cycle from securechannel importing commands which (without the refactor) imported secure channel again. Documentation for this command: https://developers.yubico.com/YubiHSM2/Commands/Change_Authentication_Key.html 2020-02-28 09:40:45 -08:00			`* ChangeAuthenticationKey`
Add commands 2021-04-07 14:22:09 -07:00			`* PutAuthenticationKey`
			`* GetOpaque`
			`* PutOpaque`
			`* SignAttestationCertificate`
Prepare for GitHub publication 2018-10-01 05:48:56 -07:00			`* Authentication & Session related commands`
Merge conflicts 2021-04-07 15:05:46 -07:00			`* GetPseudoRandom`
Implement DeriveEcdh command Add the implementation fo the DeriveEcdh command alongside a command name that matches what Yubi calls it. Left the previously named one alone so this doesn't break backwards compatibility if anyone was using that. Docs: https://developers.yubico.com/YubiHSM2/Commands/Derive_Ecdh.html 2019-08-27 14:08:25 -07:00
Prepare for GitHub publication 2018-10-01 05:48:56 -07:00			Implementing new commands is really easy. Please consult `commands/constructors.go` and `commands/response.go` for reference.

			`Please submit a PR if you have implemented new commands or extended existing constructors.`

			`## Example of usage`

Docs: add syntax highlighting 2022-06-30 07:04:49 -07:00			```go
Prepare for GitHub publication 2018-10-01 05:48:56 -07:00			`c := connector.NewHTTPConnector("localhost:1234")`
			`sm, err := yubihsm.NewSessionManager(c, 1, "password", 2)`
			`if err != nil {`
			`panic(err)`
			`}`

			`echoMessage := []byte("test")`

			`command, err := commands.CreateEchoCommand(echoMessage)`
			`if err != nil {`
			`panic(err)`
			`}`

Refactor SessionManager 2018-10-24 02:27:50 -07:00			`resp, err := sm.SendEncryptedCommand(command)`
Prepare for GitHub publication 2018-10-01 05:48:56 -07:00			`if err != nil {`
			`panic(err)`
			`}`

			`parsedResp, matched := resp.(*commands.EchoResponse)`
			`if !matched {`
			`panic("invalid response type")`
			`}`

			`if bytes.Equal(parsedResp.Data, echoMessage) {`
			`println("successfully echoed data")`
			`} else {`
			`panic(errors.New("echoed message did not equal requested message"))`
			`}`

Refactor SessionManager 2018-10-24 02:27:50 -07:00			```